Commit
'To remove a pending commit:' * Device -> Setup -> Operations -> Revert to running config * Then commit 'Locks' Click on the Lock icon 'and then click "'Take Lock": *'Config Lock' - Blocks other admins from making changes to the configuration. **Can be set globally or for a virtual system **It can be removed only by the admin who set it or by a superuser on the system. *'Commit Lock' - Blocks other admins from committing changes until all of the locks have been released. **This lock prevents collisions that can occur when two admins are making changes at the same time and the first admin finishes and commits changes before the second admin has finished. **The lock is released when the current changes are committed, or it can be released manually. *Any Administrator can open the lock window to view the current locks, along with the timestamp for each. 'Comparing Configuration Files:' Device -> Config Audit *'Running Config' = Currently active on the firewall *'Candidate Config' = pending configuration, not yet commited **Config Audit colors: ***'Red '= Deleted ***'Green' = Added ***'Amber' = Changed When you change a configuration setting and click OK, the current or "candidate" config is updated, not the active or running config. *Clicking Commit applies the candidate config to the running config. 'Configuration Audit Version': *Configuration Audit versions are used for rolling a PANFW back to a past configuration OR for comparing modifications made across commits. *the PANFW stores configuration audit versions each time a commit is performed. **The list of configuration versions, along with the associated commit timestamp can be viewed here: ***''Device -> Setup -> Operations -> Operations -> Load configuration version'' *''PANORAMA '''automatically saves all of the configuraiton files that are commited on each managed firewall, whether the changes are made through the Panorama interface or locally on the firewall. 'How to change the Audit Version limit: Device -> Setup -> Management (tab) -> Logging and Reporting settings *'Number of Versions for Config Audit '= Specifies the MAX number of audit versions that store before discarding the oldest ones. **Default of 100 **Range of 1-1048576 'Configuration Management' Device -> Setup -> Operations -> Configuration management *'Validate candidate config' = Checks the candidate config for errors. *'Revert to last saved config' = Restores the last saved candidate config from the flash memory. **The current candidate config is overwritten. **An error occurs if the candidate config has not been saved. *'Revert to running config '= Restores the last running config. The current running config is overwritten. *'Saved Named Config Snapshot' = Saves the candidate config to a file. **Enter a file name or select an existing file to be overridden. **The current active configuration file cannot be overridden.'' (running-config.xml)'' *'Save candidate config' = This is the same as clicking Save at the top of the page. It saves the candidate config in flash memory. *'Load named config snapshot' = loads a candidate config from the active config (running-config.xml) or from a previously imported or saved config. The current candidate config is overridden. *'Load config version' = Loads a specified version of the configuration, *'Exported named configuration snapshot' = Exports the active config (running-config.xml) or a previously saved or imported config. You can open the file and/or save it in any network location. *'Export config version' = exports a specified version of the configuraiton. *'Export '''device '''state' = This is used to export the configuration and dynamic information from a firewall that is configured as a GlobalProtect Portal with the large scale VPN feature enabled. **If the Portal experiences a failure, the export file can be imported to restore the Portal's configuration and dynamic information. **The export contains a list of all satellite devices managed by the Portal, the running config at the time of the export, and all certificate information (root CA, Server, and satellite certs). **You must manually run the device state export or create a scheduled XML API script to expore the file to a remote server. *'Import named config snapshot' = Imports a config file from any network location. *'Import device state' = Import the device state info that was exported using the Export Device State option. **Includes the current running config, Panorama templates, and shared policies. **If the device is a GlobalProtect Portal the export includes the Certificate Authority (CA) info and the list of satellite devices and their authentication information.